Security Alerts and Updates

February, 2018  (Click listings for more information).
23  FBI warns taxpayers to beware of new scams to steal W-2 info.
22  Here We Go Again: Intel Releases Updated Spectre Patches.
22  Chase ‘Glitch’ Exposed Customer Accounts.
21   Microsoft Fixes Windows 10 Vulnerability, But Doesn’t.
21   uTorrent Client Affected by Some Pretty Severe Security Flaws.
19   Apple Releases Fix for Indian Telugu Character Crash Bug.
19   IRS scam leverages hacked tax preparers, client bank accounts.
18   macOS May Lose Data Due to APFS Filesystem Bug.
17   Google Discloses Microsoft Edge Security Feature Bypass.
16   The Week in Ransomware – February 16th 2018.
15   Using the Chrome Task Manager to Find In-Browser Miners.
15   Mountain of sensitive FedEx customer data exposed.
14   On Feb 15, Chrome will begin to block certain types of online ads.
14   A botnet is exploiting a critical router bug that may never be fixed.
14   Websites use notifications to spam your browser instead of email.
13   Microsoft won’t patch a severe Skype vulnerability anytime soon.
13   Microsoft Patch Tuesday, February 2018 Edition.
13   Panic attack: Apple scams apply pressure.
12   Rapid Ransomware Being Spread Using Fake IRS Malspam.
12   The drive-by currency mining scourge shows no signs of abating.
11    macOS App screenshot feature exposes passwords, tokens & keys.
09  The Week in Ransomware – February 9th, 2018.
09  Free Decryption Tool Released for Cryakl Ransomware.
08  Ransomware Being Distributed Via Malspam Disguised as Receipts.
08  Intel Releases New Spectre Patch Update for Skylake Processors.
07  Lenovo to Recall ThinkPad X1 Carbon Laptops Due to Fire Hazard.
06  CSS Code Can Be Abused to Collect Sensitive User Data.
06  Bitdefender Ironically Stopped Working on Safer Internet Day.
06  Tech-support scammers have a new trick for Chrome users.
06  Adobe Releases Security Updates for Flash Player.

05  Fake Adobe Flash Update Sites Pushing CPU Miners.
02  New Mac cryptominer distributed via a MacUpdate hack.
02  Malicious Chrome Extensions are using Session Replay Scripts.

01   PSA: Beware of Sites Pretending to be Manual Firefox Updates.
01   New Adobe Flash Zero-Day Spotted in the Wild.

January, 2018  (Click listings for more information).
31   First Firefox Addon that Injects an In-Browser Miner?
30  Mozilla Releases Security Update for Firefox.
29  Hard-coded Password Bypasses Lenovo’s Fingerprint Scanner.
29  File Your Taxes Before Scammers Do It For You.
28  Microsoft issues Windows update that disables Spectre Mitigations.
27  Malwarebytes Update Released to Fix High CPU & Memory Usage.
26  Android botnet still thrives 16 months after coming to light.
26  28 Fake Ad Agencies created for Massive Malvertising Campaign.
26  Registered at SSA.GOV? Good for You, But Keep Your Guard Up.
26  Now YouTube serves ads with CPU-draining cryptocurrency miners.
25  Security vulnerabilities fixed in Thunderbird 52.6.
25  Monero Mining Campaigns Are Becoming a Real Problem.
25  Undetectable malware targets Windows, MacOS, and Linux systems.
24  Chrome 64 Released With Strong Popup Blocker, Spectre Mitigations.
23  Dell Advising All Customers To Not Install Spectre BIOS Updates.
23  Apple Releases Security Updates for Multiple Products.
23  Mozilla Fixes Security Vulnerabilities in Firefox 58.
22  Opera blocks in-browser CryptoCurrency mining in mobile browser.
22  Linus Torvalds Thinks the Linux Spectre Patches are UTTER GARBAGE.
21   A new information stealing Trojan called Evrial in wide use.
19   OnePlus confirms up to 40,000 customers affected by credit card breach.
18   Chrome & Firefox extensions block their removal to hijack browsers.
18   Facebook Password Stealing Apps Found on Android Play Store.
17   Some Basic Rules for Securing Your IoT Stuff.
17   How to stop the Meltdown & Spectre patches from slowing down your PC.
16   How to check if your PC or phone is protected against Meltdown & Spectre.
16   Over 500,000 Users Impacted by 4 Malicious Chrome Extensions.
16   Skygofree — Powerful Android Spyware Discovered.
15   List of Links: BIOS Updates for the Meltdown and Spectre Patches.
12   AMD will release CPU microcode updates for Spectre flaw this week.
12   Intel Broadwell & Haswell CPUs experiencing reboots after updates.
12   The First Mac Malware of 2018 Is a DNS Hijacker Called MaMi.
11    Skype Adds End-to-End Encryption for Private Conversations.
10   Mac spyware stole millions of user images over 13 years.
10   macOS High Sierra’s App Store Can Be Unlocked With Any Password.
09  CoffeeMiner project lets you hack public Wi-Fi to mine cryptocoins.
09  Microsoft’s January Patch Tuesday and Adobe Flash Player  updates.
09  No More Windows Security Updates Unless AVs Set a Registry Key.
09  Microsoft Pauses Meltdown and Spectre Patches for AMD Devices.
09  How to Check if Your PC Is Protected Against Meltdown and Spectre.
08  WPA3 WiFi Standard Announced After Researchers KRACKed WPA2.
08  Meltdown and Spectre patches will come to 90%+ of Intel chips soon.
08  More stuff broken amid Microsoft’s efforts to fix Meltdown/Spectre.
08  Microsoft’s Spectre-fixer bricks some AMD PCs.
08  Apple releases iOS and macOS updates with a mitigation for Spectre.
06  HP Is Recalling Some Laptop Models Due to Slight Battery Melting.
06  Qualcomm  confirms its CPUs suffer hack bugs, too.
05  Meltdown CPU fixes are here. Spectre flaws will be around for years.
05  Scary Chip Flaws Raise Spectre of Meltdown.
05  All Mac systems & iOS devices are affected by Meltdown & Spectre flaws.
04  How to Protect Your Devices Against Meltdown and Spectre Attacks.
04  Intel to update firmware for most modern CPUs by the end of next week.
04  How to check & update Windows for the Meltdown and Spectre CPU flaws.
04  Microsoft Releases Updates to Fix Meltdown and Spectre CPU Flaws.
04  Mozilla pushes “Spectre” patch for Firefox.
03  Google Removes 36 Fake Android Security Apps Packed with Adware.
03  Meltdown and Spectre vulnerabilities discovered in modern processors.
03  Huge flaw found in Intel Processors; patch could hurt performance.
02  Security Summary: In Development Heropoint Ransomware.
02  Vulnerabilities Discovered in (GPS) Location Tracking Services.
02  macOS Exploit Published on the Last Day of 2017.
01   Flaw in major browsers allows scripts to steal your saved passwords.
01   Forever 21 confirms breach exposed customer credit card details.

December, 2017  (Click listings for more information).
30  Browser data leakage bug – Mozilla to delete info just in case.
29  Apple Will Discount Future Battery Replacements for iPhones.
29  Chrome Extension Caught Pushing Cryptocurrency Miner.
29  Critical Bypass Flaw Found in Samsung Android Browser.
28  Four Years After Target, the Little Guy is the Target.
27  Malicious apps could guess your phone’s PIN using sensors data.
27  Web Trackers Exploit Flaw in Browsers to Steal Usernames.
25  Vulnerability Affects Hundreds of Thousands of IoT Devices.
25  Mozilla Releases Security Update for Thunderbird.
23  Facebook will alert you when someone else uploads a photo of you.
22  Satori IoT Botnet Exploits Zero-Day to Zombify Huawei Routers.
22  NVIDIA Ends Driver Support for 32-Bit Operating Systems.
22  Opera 50 to Include Cryptojacking Protection.
22  Facebook phishers want you to “Connect with Facebook”.
21   New Facebook Feature Will Help Users Spot Phishing Attempts.
21   Digmine Malware Spreading via Facebook Messenger.
21   Apple Admits Deliberately Slowing Older iPhones — Here’s Why.
20  Amazon S3 Bucket Exposes Details on 123 Million US Households.
20  Windows 10 password manager bug is hiding good news.
20  Tech support scammers make browser lockers more resilient.
19   Microsoft Word slams the door on DDEAUTO malware attacks.
19   Buyers Beware of Tampered Gift Cards.
19   Currency-mining Android malware can physically harm phones.
18   Mobile Menace Monday: upping the ante on Adups.
15  Win 10 version of Keeper had bug allowing sites to steal passwords.
14   FCC Just Killed Net Neutrality—What Does This Mean?
14   Attack on Critical Infrastructure Site Causes Outage.
14   What’s in your Android’s December Security Update?
14   Google Releases Security Update for Chrome.
13   Remote ‘Root’ Exploit Disclosed in AT&T DirecTV WVB Devices.  
13   Apple Releases Security Updates.
12   Patch Tuesday, December 2017 Edition.
12   iOS Jailbreak Exploit Published by Google.
08  Pre-Installed Keylogger Found On Over 460 HP Laptop Models.
08  Android Flaw Lets Hackers Inject Malware Into Apps.
08  Phishing embraces HTTPS, hoping you’ll “check for the padlock”.
07  Microsoft Issues Emergency Windows Security Update.
07  New Malware Evasion Technique Works On All Windows Versions.
07  Mozilla Releases Security Update for Firefox.
06  Google Releases Security Update for Chrome.
06  Apple Releases Multiple Software Security Updates.
06  Use TeamViewer? Fix this dangerous permissions bug.
05  Email Spoofing Flaw Affects Over 30 Popular Email Clients.
05  Keyboard App collects personal data on its 31 million users.
04  Smile, you’re on hidden webcam Airbnb TV.
04  Yet another flaw in Apple’s “iamroot” bug fix.
02  Security vulnerabilities fixed in Firefox 57.0.1.
PayPal phish asks to verify transactions—don’t do it.

Real-World Protection Test July – November 2017

November, 2017  (Click listings for more information).
30  HP installs telemetry bloatware on your PC-here’s how to remove it.
29  Websites mine cryptocurrency even when you close your browser.
29  Internet-paralyzing Mirai botnet comes back with new strain.
29  Apple Releases macOS High Sierra Security Update.
28  Hackers Exploit Recently Disclosed Microsoft Office Bug.
28  Bug in macOS lets you log in as admin with no password required.
27  Terror Exploit Kit Goes HTTPS All The Way.
26  Botnet Just Sent 12.5 Million Emails With Scarab Ransomware.
24  Imgur—Popular Image Sharing Site Was Hacked In 2014.
23  MS Office feature could be used to create self-replicating malware
21   Uber Paid Hackers to Delete Stolen Data on 57 Million People.
21   Critical flaws in Intel Processors leave millions of PCs vulnerable.
21   Android Location Data collected when Location Service is disabled.
20  Fund Targets Victims Scammed Via Western Union.
20  Windows ASLR Vulnerability.
20  Amazon to fix Key home security vulnerability.
20  OSX.Proton spreading through fake Symantec blog.
20  BankBot returns on Play Store – A recurring Android malware.
20  Amazon Echo and Google Home patched against BlueBorne threat.
20  No, you’re not paranoid. Sites really are watching your every move.
17   Banking Trojan can now steal Facebook, Twitter & Gmail accounts.
16   Security Tip – Securing the Internet of Things.
15   20 Million Amazon Echo & Google Home Devices Vulnerable.
15   Ransomware-spreading hackers sneak in through RDP.
14   Adobe, Microsoft Patch Critical Cracks.
14  Mozilla today launched Firefox 57, branded Firefox Quantum.
14  Mozilla Releases Security Updates.
14  Google takes strict steps against Apps abusing accessibility services.
14  Google study reveals how criminals break into Gmail accounts.
13   How to Opt Out of Equifax Revealing Your Salary History.
13   Hackers say they broke Apple’s Face ID.  We’re not convinced.
11    New Microsoft Word attacks infect PCs sans macros.
10   Microsoft introduces highly secure Windows 10 device standards.
10   How AV Can Open You to Attacks.
09  Microsoft Office Dynamic Data Exchange (DDE) Exploit.
08  Cryptojacking craze that drains your CPU now done by 2,500 sites.
06  Simple Banking Security Tip: Verbal Passwords.
06  Google Releases Security Update for Chrome.
03  Forgeries undermine the trust people place in digital certificates.
03  Smart Lock & iCloud Keychain, password managers for the rest of us.
03  Fake version of the WhatsApp messaging app for Android fools many.
02  iPhones get a KRACK patch and a Wi-Fi 0-day on the same day.
02  Equifax Reopens Salary Lookup Service.
01   Mind these digital crimes and arm yourself against them.

Real-World Protection Test – October 2017 (Graph)

Malware Removal Test 2017 (PDF)